|
200061
|
6.5 |
MEDIUM
Network
|
ibm
|
rational_doors_next_generation
rational_quality_manager
collaborative_lifecycle_management
engineering_test_management
rational_engineering_lifecycle_manager
engineering_lifecycle_mana…
|
IBM Jazz Foundation and IBM Engineering products could allow an authenticated user to obtain sensitive information due to lack of security restrictions. IBM X-Force ID: 188126.
|
NVD-CWE-noinfo
|
CVE-2020-4732
|
2024-11-21 14:33 |
2021-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200062
|
4.9 |
MEDIUM
Network
|
ibm
|
8335-gca_firmware
8335-gta_firmware
8335-gtb_firmware
|
IBM Host firmware for LC-class Systems is vulnerable to a stack based buffer overflow, caused by improper bounds checking. A remote privileged attacker could exploit this vulnerability and cause a de…
|
CWE-787
Out-of-bounds Write
|
CVE-2020-4839
|
2024-11-21 14:33 |
2021-05-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200063
|
8.8 |
HIGH
Network
|
ibm
|
security_guardium
|
IBM Security Guardium 11.2 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in …
|
CWE-89
SQL Injection
|
CVE-2020-4990
|
2024-11-21 14:33 |
2021-05-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200064
|
7.5 |
HIGH
Network
|
ibm
|
gpfs.tct.server
|
IBM Spectrum Scale 1.1.1.0 through 1.1.8.4 Transparent Cloud Tiering could allow a remote attacker to obtain sensitive information, caused by the leftover files after configuration. IBM X-Force ID: 1…
|
CWE-116
Improper Encoding or Escaping of Output
|
CVE-2020-4850
|
2024-11-21 14:33 |
2021-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200065
|
3.3 |
LOW
Local
|
ibm
|
cloud_pak_for_multicloud_management
|
IBM Cloud Pak for Multicloud Management prior to 2.3 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 188902.
|
CWE-922
Insecure Storage of Sensitive Information
|
CVE-2020-4765
|
2024-11-21 14:33 |
2021-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200066
|
4.3 |
MEDIUM
Network
|
ibm
|
sterling_b2b_integrator
|
IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5, 6.0.0.0 through 6.0.3.3, and 6.1.0.0 through 6.1.0.2 could allow an authenticated user to view pages they shoiuld not have access…
|
NVD-CWE-Other
|
CVE-2020-4646
|
2024-11-21 14:33 |
2021-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200067
|
9.1 |
CRITICAL
Network
|
ibm
|
planning_analytics_local
planning_analytics_cloud
|
IBM Planning Analytics Local 2.0 connects to a Redis server. The Redis server, an in-memory data structure store, running on the remote host is not protected by password authentication. A remote atta…
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2020-4670
|
2024-11-21 14:33 |
2021-05-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200068
|
9.1 |
CRITICAL
Network
|
ibm
|
planning_analytics_local
planning_analytics_cloud
|
IBM Planning Analytics Local 2.0 connects to a MongoDB server. MongoDB, a document-oriented database system, is listening on the remote port, and it is configured to allow connections without passwor…
|
CWE-862
Missing Authorization
|
CVE-2020-4669
|
2024-11-21 14:33 |
2021-05-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200069
|
7.5 |
HIGH
Network
|
ibm
|
planning_analytics_local
|
IBM Planning Analytics Local 2.0 could allow an attacker to obtain sensitive information due to accepting body parameters in a query. IBM X-Force ID: 192642.
|
NVD-CWE-noinfo
|
CVE-2020-4985
|
2024-11-21 14:33 |
2021-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200070
|
2.4 |
LOW
Network
|
ibm
|
cloud_pak_for_security
|
IBM Cloud Pak for Security (CP4S) 1.4.0.0, 1.5.0.0, 1.5.0.1, 1.6.0.0, and 1.6.0.1 could allow a privileged user to inject inject malicious data using a specially crafted HTTP request due to improper …
|
CWE-20
Improper Input Validation
|
CVE-2020-4811
|
2024-11-21 14:33 |
2021-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
